<?php
/*
+-----------------------------------------------------------------------------+
| $Id: *.php 2009-08-18 08:41:22Z Bleakwind $
| Copyright (c) 2003-2010 Bleakwind (www.weaverdream.com)
| http://www.weaverdream.com/
+-----------------------------------------------------------------------------+
*/

if (!defined( 'ENTRY_INDEX')){
    echo "<h1>Forbidden</h1><p>You don't have permission to access on this server.</p>";
    exit;
}

$setting_attach['length']       = $CONFIG['max_post_attach_length'];
$setting_attach['size']         = $CONFIG['max_post_attach_size'];
$setting_attach['type']         = $CONFIG['max_post_attach_type'];
$setting_attach['brief_length'] = $CONFIG['max_post_attach_brief_length'];
$setting_attach['number']       = $CONFIG['max_post_attach_number'];
$setting_attach['dir']          = date("Y")."/".date("Ym")."/".date("Ymd")."/";

if( !preg_match("/^[1-9][0-9]{0,10}$/i",$sys->get['topic_id']) ){
    $sys->prompt("failed",$LANGUAGE['s']['edit']['topic_id_error']."<!-- topic_id_error -->");
} elseif( !preg_match("/^[1-9][0-9]{0,10}$/i",$sys->get['post_id']) ){
    $sys->prompt("failed",$LANGUAGE['s']['edit']['post_id_error']."<!-- post_id_error -->");
} else {
    $sql = "SELECT topic.*,

                icon_topic.filename as icon_filename,

                post.id as post_id,
                post.topic_id as post_topic_id,
                post.content as post_content,
                post.quote_id as post_quote_id,
                post.quote_path as post_quote_path,
                post.post_mid as post_post_mid,
                post.post_musername as post_post_musername,
                post.post_ip as post_post_ip,
                post.post_time as post_post_time,
                post.modify_mid as post_modify_mid,
                post.modify_musername as post_modify_musername,
                post.modify_ip as post_modify_ip,
                post.modify_time as post_modify_time,
                post.if_face as post_if_face,
                post.if_bbcode as post_if_bbcode,
                post.if_url as post_if_url,
                post.if_html as post_if_html,
                post.floor as post_floor,
                post.rank as post_rank,

                channel.id as channel_id,
                channel.name as channel_name,

                member.id as m_id,
                member.username as m_username,
                member.email as m_email,
                member.card as m_card,
                member.mg_type as m_mg_type,
                member.mg_type_expired as m_mg_type_expired,
                member.silver as m_silver,
                member.point as m_point,
                member.bonus as m_bonus,
                member.pile1 as m_pile1,
                member.pile2 as m_pile2,
                member.pile3 as m_pile3,
                member.pile4 as m_pile4,
                member.pile5 as m_pile5,
                member.pile6 as m_pile6,
                member.time_created as m_time_created,
                member.time_lastvisit as m_time_lastvisit,
                member.cumulant_silver as m_cumulant_silver,
                member.cumulant_offer as m_cumulant_offer,
                member.cumulant_online as m_cumulant_online,

                member_detail.mid as md_mid,
                member_detail.realname as md_realname,
                member_detail.gender as md_gender,
                member_detail.birthday as md_birthday,
                member_detail.address as md_address,
                member_detail.postalcode as md_postalcode,
                member_detail.telephone as md_telephone,
                member_detail.mobile as md_mobile,
                member_detail.avatar_type as md_avatar_type,
                member_detail.avatar_value as md_avatar_value,
                member_detail.website as md_website,
                member_detail.gtalk as md_gtalk,
                member_detail.msn as md_msn,
                member_detail.icq as md_icq,
                member_detail.qq as md_qq,
                member_detail.yahoo as md_yahoo,
                member_detail.bio as md_bio,
                member_detail.sign as md_sign,
                member_detail.last_post as md_last_post,
                member_detail.total_topic as md_total_topic,
                member_detail.total_reply as md_total_reply,
                member_detail.total_elite as md_total_elite,
                member_detail.remark as md_remark,

                member_group.mg_id,
                member_group.mg_name

            FROM ".DB_TABLE_TOPIC." topic
                LEFT JOIN ".DB_TABLE_POST." post ON post.id=topic.post_pid
                LEFT JOIN ".DB_TABLE_ICON_TOPIC." icon_topic ON icon_topic.id=topic.icon
                LEFT JOIN ".DB_TABLE_CHANNEL." channel ON channel.id=topic.channel_id
                LEFT JOIN ".DB_TABLE_MEMBER." member ON member.id=post.post_mid
                LEFT JOIN ".DB_TABLE_MEMBER_DETAIL." member_detail ON member_detail.mid=member.id
                LEFT JOIN ".DB_TABLE_MEMBER_GROUP." member_group ON member_group.mg_type=member.mg_type
                    AND (member_group.mg_point_begin<=member.point || member_group.mg_point_begin IS NULL)
                    AND (member_group.mg_point_end>=member.point || member_group.mg_point_end IS NULL)
            WHERE topic.id=".$sys->get['topic_id']."";
    $result = &$db->Execute($sql);
    if (!$result) {
        echo $db->ErrorMsg();
    } else {
        if (!$result->EOF) {
            $topic_info = array(
                'id'                        => $result->fields['id'],
                'channel_id'                => $result->fields['channel_id'],
                'icon'                      => $result->fields['icon'],
                'subject'                   => $result->fields['subject'],
                'subject_len'               => mb_strwidth($result->fields['subject'],"UTF-8"),
                'post_mid'                  => $result->fields['post_mid'],
                'post_musername'            => $result->fields['post_musername'],
                'post_ip'                   => $result->fields['post_ip'],
                'post_time'                 => $result->fields['post_time'],
                'post_pid'                  => $result->fields['post_pid'],
                'number_reply'              => $result->fields['number_reply'],
                'number_click'              => $result->fields['number_click'],
                'last_mid'                  => $result->fields['last_mid'],
                'last_musername'            => $result->fields['last_musername'],
                'last_time'                 => $result->fields['last_time'],
                'last_pid'                  => $result->fields['last_pid'],
                'style_color'               => $result->fields['style_color'],
                'style_fontstyle'           => $result->fields['style_fontstyle'],
                'style_decoration'          => $result->fields['style_decoration'],
                'style_begin'               => $result->fields['style_begin'],
                'style_end'                 => $result->fields['style_end'],
                'if_elite'                  => $result->fields['if_elite'],
                'if_elite_begin'            => $result->fields['if_elite_begin'],
                'if_elite_end'              => $result->fields['if_elite_end'],
                'if_top'                    => $result->fields['if_top'],
                'if_top_begin'              => $result->fields['if_top_begin'],
                'if_top_end'                => $result->fields['if_top_end'],
                'if_close'                  => $result->fields['if_close'],
                'if_close_begin'            => $result->fields['if_close_begin'],
                'if_close_end'              => $result->fields['if_close_end'],
                'if_move'                   => $result->fields['if_move'],
                'if_move_id'                => $result->fields['if_move_id'],
                'if_del'                    => $result->fields['if_del'],
                'rank'                      => $result->fields['rank'],

                'icon_filename'             => $result->fields['icon_filename'],

                'post_id'                   => $result->fields['post_id'],
                'post_topic_id'             => $result->fields['post_topic_id'],
                'post_content'              => $result->fields['post_content'],
                'post_quote_id'             => $result->fields['post_quote_id'],
                'post_quote_path'           => $result->fields['post_quote_path'],
                'post_post_mid'             => $result->fields['post_post_mid'],
                'post_post_musername'       => $result->fields['post_post_musername'],
                'post_post_ip'              => $result->fields['post_post_ip'],
                'post_post_time'            => $result->fields['post_post_time'],
                'post_modify_mid'           => $result->fields['post_modify_mid'],
                'post_modify_musername'     => $result->fields['post_modify_musername'],
                'post_modify_ip'            => $result->fields['post_modify_ip'],
                'post_modify_time'          => $result->fields['post_modify_time'],
                'post_if_face'              => $result->fields['post_if_face'],
                'post_if_bbcode'            => $result->fields['post_if_bbcode'],
                'post_if_url'               => $result->fields['post_if_url'],
                'post_if_html'              => $result->fields['post_if_html'],
                'post_floor'                => $result->fields['post_floor'],
                'post_rank'                 => $result->fields['post_rank'],

                'channel_id'                => $result->fields['channel_id'],
                'channel_name'              => $result->fields['channel_name'],
                'channel_name_len'          => mb_strwidth($result->fields['channel_name'],"UTF-8"),

                'm_id'                      => $result->fields['m_id'],
                'm_username'                => $result->fields['m_username'],
                'm_email'                   => $result->fields['m_email'],
                'm_card'                    => $result->fields['m_card'],
                'm_mg_type'                 => $result->fields['m_mg_type'],
                'm_mg_type_expired' => $result->fields['m_mg_type_expired'],
                'm_silver'                  => $result->fields['m_silver'],
                'm_point'                   => $result->fields['m_point'],
                'm_bonus'                   => $result->fields['m_bonus'],
                'm_pile1'                   => $result->fields['m_pile1'],
                'm_pile2'                   => $result->fields['m_pile2'],
                'm_pile3'                   => $result->fields['m_pile3'],
                'm_pile4'                   => $result->fields['m_pile4'],
                'm_pile5'                   => $result->fields['m_pile5'],
                'm_pile6'                   => $result->fields['m_pile6'],
                'm_time_created'            => $result->fields['m_time_created'],
                'm_time_lastvisit'          => $result->fields['m_time_lastvisit'],
                'm_cumulant_silver'         => $result->fields['m_cumulant_silver'],
                'm_cumulant_offer'          => $result->fields['m_cumulant_offer'],
                'm_cumulant_online'         => $result->fields['m_cumulant_online'],

                'md_mid'                    => $result->fields['md_mid'],
                'md_realname'               => $result->fields['md_realname'],
                'md_gender'                 => $result->fields['md_gender'],
                'md_birthday'               => $result->fields['md_birthday'],
                'md_address'                => $result->fields['md_address'],
                'md_postalcode'             => $result->fields['md_postalcode'],
                'md_telephone'              => $result->fields['md_telephone'],
                'md_mobile'                 => $result->fields['md_mobile'],
                'md_avatar_type'            => $result->fields['md_avatar_type'],
                'md_avatar_value'           => $result->fields['md_avatar_value'],
                'md_website'                => $result->fields['md_website'],
                'md_gtalk'                  => $result->fields['md_gtalk'],
                'md_msn'                    => $result->fields['md_msn'],
                'md_icq'                    => $result->fields['md_icq'],
                'md_qq'                     => $result->fields['md_qq'],
                'md_yahoo'                  => $result->fields['md_yahoo'],
                'md_bio'                    => $result->fields['md_bio'],
                'md_sign'                   => $result->fields['md_sign'],
                'md_last_post'              => $result->fields['md_last_post'],
                'md_total_topic'            => $result->fields['md_total_topic'],
                'md_total_reply'            => $result->fields['md_total_reply'],
                'md_total_elite'            => $result->fields['md_total_elite'],
                'md_remark'                 => $result->fields['md_remark'],

                'mg_id'                     => $result->fields['mg_id'],
                'mg_name'                   => $result->fields['mg_name'],
            );
        }
    }

    if( !preg_match("/^[1-9][0-9]{0,18}$/",$topic_info['id']) ){
        $sys->prompt("failed",$LANGUAGE['s']['edit']['topic_id_not_exist']."<!-- topic_id_not_exist -->");
    } elseif ($topic_info['if_del'] == "1") {
        $sys->prompt("failed",$LANGUAGE['s']['edit']['topic_id_already_del']."<!-- topic_id_already_del -->");
    } elseif( $topic_info['if_close'] == 1 || ($topic_info['if_close'] == 3 && $topic_info['if_close_begin'] < $sys->nowtime && $topic_info['if_close_end'] > $sys->nowtime) ){
        $sys->prompt("failed",$LANGUAGE['s']['edit']['topic_if_close_yes']."<!-- topic_if_close_yes -->");
    } elseif( !preg_match("/^[1-9][0-9]{0,10}$/",$topic_info['channel_id']) ){
        $sys->prompt("failed",$LANGUAGE['s']['edit']['channel_id_not_exist']."<!-- channel_id_not_exist -->");
    } else {
        $channel_info   = $sys->return_channel_info($topic_info['channel_id']);
        if ($channel_info['if_enable'] != "1") {
            $sys->prompt("failed",$LANGUAGE['s']['edit']['channel_id_not_enable']."<!-- channel_id not enable -->");
        } else {
      
            if ($ADMIN['ag_privilege']['topic'] == "1" || ($ADMIN['ag_privilege']['topic'] == "3" && $channel_info['channel_manage_admin_id'] != "")) {
                $ag_privilege_topic = "1";
            } else {
                $ag_privilege_topic = "2";
            }

            if ($ADMIN['ag_privilege']['channel_passinto'] == "1" || ($ADMIN['ag_privilege']['channel_passinto'] == "3" && $channel_info['channel_manage_admin_id'] != "")) {
                $ag_privilege_channel_passinto = "1";
            } else {
                $ag_privilege_channel_passinto = "2";
            }

            if ($ADMIN['ag_privilege']['channel_lockpost'] == "1" || ($ADMIN['ag_privilege']['channel_lockpost'] == "3" && $channel_info['channel_manage_admin_id'] != "")) {
                $ag_privilege_channel_lockpost = "1";
            } else {
                $ag_privilege_channel_lockpost = "2";
            }

            if ($ADMIN['ag_privilege']['channel_lockreply'] == "1" || ($ADMIN['ag_privilege']['channel_lockreply'] == "3" && $channel_info['channel_manage_admin_id'] != "")) {
                $ag_privilege_channel_lockreply = "1";
            } else {
                $ag_privilege_channel_lockreply = "2";
            }

            if ($ADMIN['ag_privilege']['channel_lockedit'] == "1" || ($ADMIN['ag_privilege']['channel_lockedit'] == "3" && $channel_info['channel_manage_admin_id'] != "")) {
                $ag_privilege_channel_lockedit = "1";
            } else {
                $ag_privilege_channel_lockedit = "2";
            }

            if ($ADMIN['ag_privilege']['channel_lockdel'] == "1" || ($ADMIN['ag_privilege']['channel_lockdel'] == "3" && $channel_info['channel_manage_admin_id'] != "")) {
                $ag_privilege_channel_lockdel = "1";
            } else {
                $ag_privilege_channel_lockdel = "2";
            }

            if( $MEMBER['mg_privilege']['if_forbidpost'] == "1" && $ag_privilege_topic != "1" ){
                $sys->prompt("failed",$LANGUAGE['s']['edit']['forbid_post']."<!-- forbid_post -->");
            } else {

                $sys->return_channel_current($topic_info['channel_id']);
                $trans_value    = $sys->return_trans_value($topic_info['channel_id'], $topic_info['id']);
                $post_info      = func::db_select(DB_TABLE_POST, "*", "id=".$sys->get['post_id']." AND topic_id=".$sys->get['topic_id']);
                $post_info      = $post_info[0];
                $post_info['attach_list'] = func::db_select(DB_TABLE_POST_ATTACH, "*", "post_id=".$post_info['id'], "", "id DESC");
                $reply_after    = func::db_count_record(DB_TABLE_POST, "topic_id=".$sys->get['topic_id']." AND rank>".$post_info['rank']);

                if( !preg_match("/^[1-9][0-9]{0,18}$/",$post_info['id']) ){
                    $sys->prompt("failed",$LANGUAGE['s']['edit']['post_id_not_exist']."<!-- post_id_not_exist -->");
                } elseif ( $post_info['post_mid'] != $MEMBER['id'] && $ag_privilege_topic != "1" ) {
                    $sys->prompt("failed",$LANGUAGE['s']['edit']['post_id_privilege_error']."<!-- post_id_privilege_error -->");
                } else {

                    if ($sys->get['ope'] == "edit") {
                        if( $channel_info['if_lock'] == "1" && $ag_privilege_topic != "1" && $ag_privilege_channel_lockedit != "1" ){
                            $sys->prompt("failed",$LANGUAGE['s']['edit']['if_lock_yes']."<!-- if_lock_yes -->");
                        } elseif( $MEMBER['mg_privilege']['if_editpost'] != "1" && $ag_privilege_topic != "1" ){
                            $sys->prompt("failed",$LANGUAGE['s']['edit']['edit_post']."<!-- edit_post -->");
                        } elseif ( ($MEMBER['mg_privilege']['if_editpost_post'] == "1" && $reply_after > 0) && $ag_privilege_topic != "1" ) {
                            $sys->prompt("failed",$LANGUAGE['s']['edit']['edit_post_post']."<!-- edit_post_post -->");
                        } elseif ( ($MEMBER['mg_privilege']['if_editpost_time'] != "0" && ($sys->nowtime-$post_info['post_time']) > $MEMBER['mg_privilege']['if_editpost_time']) && $ag_privilege_topic != "1" ) {
                            $sys->prompt("failed",$LANGUAGE['s']['edit']['edit_post_time']."<!-- edit_post_time -->");
                        } elseif ( ($topic_info['post_pid'] == $post_info['id'] && $MEMBER['mg_privilege']['if_editpost_topic'] != "1") && $ag_privilege_topic != "1" ) {
                            $sys->prompt("failed",$LANGUAGE['s']['edit']['edit_post_topic']."<!-- edit_post_topic -->");
                        } else {

                            $attach_list            = "attach_list";
                            $attach_type            = "amend";
                            $attach_where           = $post_info['id'];
                            $attach_table           = DB_TABLE_POST_ATTACH;
                            $attach_dir             = $SETTING['dir_post_attach'];
                            list($attach_list_result, $attach_list_result_js) = $sys->return_post_attach_list($attach_list,$attach_type,$attach_where,$attach_table,$attach_dir);
                            $attach_list_result_js  = trim($attach_list_result_js);
                            if (!empty($attach_list_result_js)) {
                                $attach_list_result     = $attach_list_result."\n<script type=\"text/javascript\">\n<!-- \n".$attach_list_result_js."\n //-->\n</script>\n";
                            }

                            $t->assign(array(
                                "attach_list_result"    => $attach_list_result,
                            ));
                            
                            // attach ajax
                            function upload_submit($form,$action,$prompt)  
                            {
                                global $LANGUAGE,$LANGLIST,$SETTING,$setting_attach;
                                $ajax_response = new xajaxResponse();
                                $ajax_response->assign($prompt, "innerHTML", "<img src=\"".$SETTING['dir_images']."/loading.gif\" border=\"0\" align=\"absmiddle\" />");
                                $ajax_response->remove($form."_upload_target");
                                $ajax_response->append($prompt, "innerHTML", "<iframe id=\"".$form."_upload_target\" name=\"".$form."_upload_target\" width=\"0\" height=\"0\" scrolling=\"no\" frameborder=\"0\" src=\"about:blank\" style=\"display:none;\"></iframe>");
                                $ajax_response->assign($form,"action",$action);
                                $ajax_response->assign($form,"target",$form."_upload_target");
                                $ajax_response->script("document.".$form.".submit();");
                                return $ajax_response;
                            }
                            $bwajax->register(XAJAX_FUNCTION, "upload_submit");
                            function attach_upload_return($state,$type,$search,$form,$file_input,$input_value,$submit,$list,$detail_input,$prompt,$msg)
                            {
                                global $LANGUAGE,$LANGLIST,$SETTING,$MEMBER,$MEMBER,$setting_attach,$sys;
                                $ajax_response = new xajaxResponse();
                                $ajax_response->assign($form,"action","javascript:void(null);");
                                $ajax_response->assign($form,"target","_self");

                                if ($state == "1") {
                                    $ajax_response->assign($detail_input, "value", "");
                                    $ajax_response->assign($file_input, "innerHTML", $input_value);
                                }

                                $attach_list    = $list;
                                $attach_type    = "amend";
                                $attach_where   = $search;
                                $attach_table   = DB_TABLE_POST_ATTACH;
                                $attach_dir     = $SETTING['dir_post_attach'];
                                list($file_str, $file_str_js) = $sys->return_post_attach_list($attach_list,$attach_type,$attach_where,$attach_table,$attach_dir);

                                $ajax_response->assign($list,"innerHTML",$file_str);
                                $ajax_response->script($file_str_js);

                                $ajax_response->assign($prompt, "innerHTML", $msg);
                                $ajax_response->assign($submit,"disabled",false);
                                return $ajax_response;
                            }
                            $bwajax->register(XAJAX_FUNCTION, "attach_upload_return");
                            function attach_get($type,$search,$file_input,$file,$submit,$list,$detail_input,$brief,$prompt)
                            {
                                global $LANGUAGE,$LANGLIST,$SETTING,$MEMBER,$MEMBER,$setting_attach,$sys;
                                $ajax_response = new xajaxResponse();
                                //$ajax_response->alert(print_r($value['brief'], true)); return $ajax_response;

                                $attach_filetype = explode(",",$setting_attach['type']);
                                if (empty($file)) {
                                    $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['edit']['attach_get_url_empty']."</span>");
                                    $ajax_response->assign($submit,"disabled",false);
                                }else{
                                    preg_match("/([^\/.]*)\.[^\/.]*$/", $file, $name_primal); $name_primal = $name_primal[1]; 
                                    preg_match("/[^\/.]*(\.[^\/.]*)$/", $file, $name_extend); $name_extend = $name_extend[1];
                                    if (empty($name_primal)) {
                                        $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['edit']['attach_get_name_failed']."</span>");
                                        $ajax_response->assign($submit,"disabled",false);
                                    } elseif (!preg_match("/[a-z0-9\.]{1,9}/i", $name_extend) || !in_array($name_extend, $attach_filetype)) {
                                        $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['edit']['attach_get_type_error']."<!-- file type error --></span>");
                                        $ajax_response->assign($submit,"disabled",false);
                                    } else{
                 
                                        $result_state = "1";
                                        $brief = empty($brief) ? func::str_cut($name_primal.$name_extend, 0, $setting_attach['brief_length']) : $brief;

                                        $post_id        = $search;
                                        if (!preg_match("/^[1-9][0-9]*$/",$post_id)){
                                            $result_state = "0";
                                            $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['edit']['attach_get_post_id_error']."<!-- post_id error --></span>");
                                            $ajax_response->assign($submit,"disabled",false);
                                        } elseif (func::db_count_record(DB_TABLE_POST_ATTACH, "post_id=".$post_id) >= $setting_attach['number']){
                                            $result_state = "0";
                                            $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".sprintf($LANGUAGE['s']['edit']['attach_get_total_full'],$setting_attach['number'])."<!-- number error --></span>");
                                            $ajax_response->assign($submit,"disabled",false);
                                        } elseif (mb_strwidth($brief,"UTF-8") > $setting_attach['brief_length']){
                                            $result_state = "0";
                                            $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".sprintf($LANGUAGE['s']['edit']['attach_get_brief_full'],$setting_attach['brief_length'])."<!-- brief error --></span>");
                                            $ajax_response->assign($submit,"disabled",false);
                                        } else {
                                            $dir    = $setting_attach['dir'];
                                            $path   = $SETTING['dir_post_attach']."/".$dir;
                                            if (!file_exists($path)) { func::make_dir($path); }

                                            $filename       = "";
                                            $file_notexists = false;
                                            while($file_notexists === false){
                                                $name_base = func::return_lenstr(sha1($name_primal.microtime()),$setting_attach['length']);
                                                $filename = $name_base.$name_extend;
                                                if(!file_exists($target_dir.$filename)) {
                                                    $file_notexists = true;
                                                }
                                            }

                                            if (!@copy($file, $path.$filename)) {
                                                $result_state = "0";
                                                $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['edit']['attach_get_file_failed']."<!-- copy error --></span>");
                                                $ajax_response->assign($submit,"disabled",false);
                                            }else{
                                                $sql_data   = array(
                                                    "brief"             => "'".addslashes($brief)."'",
                                                    "dir"               => "'".$dir."'",
                                                    "filename"          => "'".$filename."'",
                                                    "post_id"           => "'".(int)$post_id."'",
                                                    "member_id"          => "'".(int)$MEMBER['id']."'",
                                                    "time"              => $sys->nowtime,
                                                    "down"              => "0",
                                                );
                                                $result = func::db_insert(DB_TABLE_POST_ATTACH, $sql_data);
                                                if (!$result) {
                                                    if (file_exists($path.$filename)) {
                                                        @chmod($path.$filename, $SETTING['chmod_mode_file']);
                                                        @unlink($path.$filename);
                                                    }
                                                    $result_state = "0";
                                                    $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['edit']['attach_get_updatedb_failed']."<!-- attach_get_updatedb_failed --></span>");
                                                    $ajax_response->assign($submit,"disabled",false);
                                                }
                                            }
                                        }

                                        if ($result_state == "1"){

                                            $attach_list    = $list;
                                            $attach_type    = "amend";
                                            $attach_where   = $search;
                                            $attach_table   = DB_TABLE_POST_ATTACH;
                                            $attach_dir     = $SETTING['dir_post_attach'];
                                            list($file_str, $file_str_js) = $sys->return_post_attach_list($attach_list,$attach_type,$attach_where,$attach_table,$attach_dir);

                                            $ajax_response->assign($list,"innerHTML",$file_str);
                                            $ajax_response->script($file_str_js);

                                            $ajax_response->assign($file_input, "value", "");
                                            $ajax_response->assign($detail_input, "value", "");
                                            $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_succeed\">".$LANGUAGE['s']['edit']['attach_get_file_succeed']."<!-- get file succeed --></span>");
                                        }

                                        $ajax_response->assign($submit,"disabled",false);
                                    }
                                }
                                return $ajax_response;
                            }
                            $bwajax->register(XAJAX_FUNCTION, "attach_get");
                            function attach_del($type,$search,$del,$list)
                            {
                                global $LANGUAGE,$LANGLIST,$SETTING,$MEMBER,$MEMBER,$setting_attach,$sys;
                                $ajax_response = new xajaxResponse();

                                $result_state = "1";

                                $post_id = $search;
                                if (!preg_match("/^[1-9][0-9]*$/",$post_id)){
                                    $result_state = "0";
                                    $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['edit']['attach_del_post_id_error']."<!-- post_id error --></span>");
                                    $ajax_response->assign($submit,"disabled",false);
                                } else {
                                    if (!preg_match("/^[1-9][0-9]*$/",$del)){
                                        $result_state = "0";
                                        $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['edit']['attach_del_attach_id_error']."<!-- del error --></span>");
                                        $ajax_response->assign($submit,"disabled",false);
                                    } else {
                                        $filelist = func::db_select(DB_TABLE_POST_ATTACH, "*", "id=".$del, "", "id DESC");
                                        $file_value = $filelist[0];
                                        if (!empty($file_value['dir'])){
                                            $dir    = $file_value['dir'];
                                            $path   = $SETTING['dir_post_attach']."/".$dir;
                                            if (!empty($file_value['filename'])){
                                                if (file_exists($path.$filelist[0]['filename'])) {
                                                    @chmod($path.$file_value['filename'], $SETTING['chmod_mode_file']);
                                                    @unlink($path.$file_value['filename']);
                                                }
                                            }
                                        }
                                        $result = func::db_delete(DB_TABLE_POST_ATTACH,  "id=".$file_value['id']);
                                        if (!$result) {
                                            $result_state = "0";
                                            $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['edit']['attach_del_updatedb_failed']."<!-- db update error --></span>");
                                            $ajax_response->assign($submit,"disabled",false);
                                        }
                                    }
                                }

                                if ($result_state == "1"){
                                    $attach_list    = $list;
                                    $attach_type    = "amend";
                                    $attach_where   = $search;
                                    $attach_table   = DB_TABLE_POST_ATTACH;
                                    $attach_dir     = $SETTING['dir_post_attach'];
                                    list($file_str, $file_str_js) = $sys->return_post_attach_list($attach_list,$attach_type,$attach_where,$attach_table,$attach_dir);
                                    
                                    $ajax_response->assign($list,"innerHTML",$file_str);
                                    $ajax_response->script($file_str_js);
                                }

                                return $ajax_response;
                            }
                            $bwajax->register(XAJAX_FUNCTION, "attach_del");
                            function set_value_onfocus($name, $id, $value, $type="text", $maxlength="255", $style="")
                            {
                                global $SETTING, $LANGUAGE, $MEMBER, $ADMIN, $db, $sys, $select_option;
                                $ajax_response = new xajaxResponse();
                                if (!empty($style)) { $style = "style=\"".$style."\""; }

                                if ($type == "text") {
                                    $result = '<input type="text" id="'.$name.'_'.$id.'_input" name="'.$name.'_'.$id.'_input" value="'.$value.'" maxlength="'.$maxlength.'" size="6" class="input" '.$style.' onblur="xajax_set_value_onblur(\''.$name.'\', \''.$id.'\', this.value);">';
                                    $ajax_response->assign($name.'_'.$id, "innerHTML", $result);
                                    $ajax_response->script("$('#".$name."_".$id."_input').focus();");
                                } elseif($type == "textarea") {
                                    $result = '<textarea id="'.$name.'_'.$id.'_input" name="'.$name.'_'.$id.'_input" rows="1" cols="6" class="textarea" '.$style.' onblur="xajax_set_value_onblur(\''.$name.'\', \''.$id.'\',  this.value);">'.$value.'</textarea>';
                                    $ajax_response->assign($name.'_'.$id, "innerHTML", $result);
                                    $ajax_response->script("$('#".$name."_".$id."_input').focus();");
                                } elseif ($type == "textarea_resize") {
                                    $result = '<textarea id="'.$name.'_'.$id.'_input" name="'.$name.'_'.$id.'_input" rows="1" cols="6" class="textarea" '.$style.' onblur="xajax_set_value_onblur(\''.$name.'\', \''.$id.'\', this.value);">'.$value.'</textarea>';
                                    $ajax_response->assign($name.'_'.$id, "innerHTML", $result);
                                    $ajax_response->script("$('#".$name."_".$id."_input').resizable({ autohide: true, minWidth: 200, minHeight: 100,  maxWidth: 800, maxHeight: 600 });");
                                    $ajax_response->script("$('#".$name."_".$id."_input').focus();");
                                } elseif($type == "checkbox") {
                                    $checked = $value == "1" ? "checked" : "";
                                    $result = '<input type="checkbox" id="'.$name.'_'.$id.'_input" name="'.$name.'_'.$id.'_input" value="1" '.$checked.' class="checkbox" '.$style.' onblur="xajax_set_value_onblur(\''.$name.'\', \''.$id.'\', this.checked == true ? 1 : 2);">';
                                    $ajax_response->assign($name.'_'.$id, "innerHTML", $result);
                                    $ajax_response->script("$('#".$name."_".$id."_input').focus();");
                                }
                                return $ajax_response;
                            }
                            $bwajax->register(XAJAX_FUNCTION, "set_value_onfocus");
                            function set_value_onblur($name, $id, $value="")
                            {
                                global $SETTING, $LANGUAGE, $ASESSION, $ADMIN, $db, $sys, $setting_attach;
                                $ajax_response = new xajaxResponse();
                                $if_error   = false;
                                $error_msg  = array();

                                // check
                                if ($name == "brief") {
                                    if (mb_strwidth($value,"UTF-8") > $setting_attach['brief_length']){
                                        $if_error       = true;
                                        $error_msg[]    = sprintf($LANGUAGE['s']['edit']['attach_brief_full'],$setting_attach['brief_length']);
                                    }
                                }

                                // update
                                if (!$if_error) {
                                    $sql = "UPDATE ".DB_TABLE_POST_ATTACH." SET
                                                ".$name."   = '".addslashes($value)."'
                                            WHERE id='".$id."'";
                                    $result = $db->Execute($sql);
                                    if (!$result) {
                                        $if_error       = true;
                                        $error_msg[]    = $db->ErrorMsg();
                                    }
                                }

                                // select and set hidden value
                                if (!$if_error) {
                                    $sql = "SELECT *
                                            FROM ".DB_TABLE_POST_ATTACH."
                                            WHERE id='".$id."'";
                                    $result = $db->Execute($sql);
                                    if (!$result) {
                                        $if_error       = true;
                                        $error_msg[]    = $db->ErrorMsg();
                                    } else {
                                        $ajax_response->assign($name."_".$id."_value", "value", $result->fields[$name]);
                                    }
                                }

                                // show new
                                if (!$if_error) {
                                    if ($result->fields['post_id'] == "0") {
                                        $ajax_response->assign($name."_".$id, "innerHTML", "<a href=\"".$CONFIGURE['common']['control_index']."?act=attach&attach_id=".$result->fields['id']."\" target=\"_blank\">".$result->fields[$name]."</a>");
                                    } else {
                                        $ajax_response->assign($name."_".$id, "innerHTML", "<a href=\"".$CONFIGURE['common']['control_index']."?act=attach&post_id=".$result->fields['post_id']."&attach_id=".$result->fields['id']."\" target=\"_blank\">".$result->fields[$name]."</a>");
                                    }
                                }

                                // alert error
                                if ($if_error) {
                                    $ajax_response->alert($LANGUAGE['s']['edit']['error_msg_array']."\n- ".implode("\n- ", $error_msg));
                                }
                                return $ajax_response;
                            }
                            $bwajax->register(XAJAX_FUNCTION, "set_value_onblur");
                            //////
                            // form post ajax
                            function submit_edit($value, $button_submit)
                            {
                                global $SETTING,$LANGUAGE,$CONFIG,$CONFIGURE,$SESSION,$PROMPT,$MEMBER,$db,$sys,$c,$trans_value,$channel_info,$topic_info,$post_info,$icon_topic_list;
                                $ajax_response = new xajaxResponse();
                                $error = false;
                                //$ajax_response->alert(print_r($value, true)); $ajax_response->assign($button_submit,"disabled",false); return $ajax_response;

                                // check the avatar
                                if (empty($value['content'])) {
                                    $error = true;
                                    if(empty($anchor)) { $anchor = "content"; }
                                    $ajax_response->assign("content_return", "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['edit']['submit_edit_content_empty']."</span>");
                                } elseif (mb_strlen($value['content'], "utf-8") > $CONFIG['max_reply_content']) {
                                    $error = true;
                                    if(empty($anchor)) { $anchor = "content"; }
                                    $ajax_response->assign("content_return", "innerHTML", "<span class=\"prompt_failed\">".sprintf($LANGUAGE['s']['edit']['submit_edit_content_full'],$setting_attach['max_reply_content'])."</span>");
                                } else {
                                    $ajax_response->assign("content_return", "innerHTML", "");
                                }

                                if($error){
                                    $ajax_response->assign($button_submit,"value",$LANGUAGE['s']['edit']['submit_post']);
                                    $ajax_response->assign($button_submit,"disabled",false);
                                    $ajax_response->redirect("#".$anchor);
                                }else{

                                    $config_list = func::db_select(DB_TABLE_CONFIG, "name,value", "name='censor_post'");
                                    if (!empty($config_list)) {
                                        foreach($config_list as $v){
                                            $CONFIG[$v['name']] = trim($v['value']);
                                        }
                                    }
                                    $str_search = preg_match_all('/(.*)=/i', $CONFIG['censor_post'], $matches);
                                    $str_search = $matches[1];
                                    $str_replace = preg_match_all('/=(.*)/i', $CONFIG['censor_post'], $matches);
                                    $str_replace = $matches[1];
                                    for($i=0; $size=count($str_search),$i<$size;$i++) {
                                        $value['content'] = eregi_replace($str_search[$i], $str_replace[$i], $value['content']);
                                    }

                                    if ( $channel_info['if_face'] == "1" && $value['if_face'] == "1") {
                                            $value['if_face'] = "1";
                                    } else {
                                            $value['if_face'] = "2";
                                    }
                                    if ( $channel_info['if_bbcode'] == "1" && $value['if_bbcode'] == "1") {
                                            $value['if_bbcode'] = "1";
                                    } else {
                                            $value['if_bbcode'] = "2";
                                    }
                                    if ( $channel_info['if_url'] == "1" && $value['if_url'] == "1") {
                                            $value['if_url'] = "1";
                                    } else {
                                            $value['if_url'] = "2";
                                    }
                                    if ( $channel_info['if_html'] == "1" && $value['if_html'] == "1") {
                                            $value['if_html'] = "1";
                                    } else {
                                            $value['if_html'] = "2";
                                    }
                                    $sql = "UPDATE ".DB_TABLE_POST." SET
                                                topic_id                = '".$topic_info['id']."',
                                                content                 = '".addslashes($value['content'])."',
                                                modify_mid              = '".$MEMBER['id']."',
                                                modify_musername        = '".$MEMBER['username']."',
                                                modify_ip               = '".func::return_ip()."',
                                                modify_time             = ".$sys->nowtime.",
                                                if_face                 = ".$value['if_face'].",
                                                if_bbcode               = ".$value['if_bbcode'].",
                                                if_url                  = ".$value['if_url'].",
                                                if_html                 = ".$value['if_html']."
                                            WHERE id=".$post_info['id']."";
                                    $result = $db->Execute($sql);
                                    if (!$result) {
                                        $ajax_response->alert($db->ErrorMsg());
                                    }else{
                                        $ajax_response->redirect($CONFIGURE['common']['control_index']."?act=topic&topic_id=".$topic_info['id']."&post_id=".$post_info['id']."&#pid_".$post_info['id']);
                                    }
                                }
                                return $ajax_response;
                            }
                            $bwajax->register(XAJAX_FUNCTION, "submit_edit");
                        }

                    } elseif ($sys->get['ope'] == "del") {

                        if( $channel_info['if_lock'] == "1" && $ag_privilege_topic != "1" && $ag_privilege_channel_lockdel != "1" ){
                            $sys->prompt("failed",$LANGUAGE['s']['edit']['if_lock_yes']."<!-- if_lock_yes -->");
                        } elseif( $MEMBER['mg_privilege']['if_delpost'] != "1" && $ag_privilege_topic != "1" ){
                            $sys->prompt("failed",$LANGUAGE['s']['edit']['del_post']."<!-- del_post -->");
                        } elseif ( ($MEMBER['mg_privilege']['if_delpost_post'] == "1" && $reply_after > 0) && $ag_privilege_topic != "1" ) {
                            $sys->prompt("failed",$LANGUAGE['s']['edit']['del_post_post']."<!-- del_post_post -->");
                        } elseif ( ($MEMBER['mg_privilege']['if_delpost_time'] != "0" && ($sys->nowtime-$post_info['post_time']) > $MEMBER['mg_privilege']['if_delpost_time']) && $ag_privilege_topic != "1" ) {
                            $sys->prompt("failed",$LANGUAGE['s']['edit']['del_post_time']."<!-- del_post_time -->");
                        } elseif ( ($topic_info['post_pid'] == $post_info['id'] && $MEMBER['mg_privilege']['if_delpost_topic'] != "1") && $ag_privilege_topic != "1" ) {
                            $sys->prompt("failed",$LANGUAGE['s']['edit']['del_post_topic']."<!-- del_post_topic -->");
                        } else {

                            // submit_del
                            function submit_del($value, $button_submit)
                            {
                                global $SETTING,$LANGUAGE,$CONFIG,$CONFIGURE,$SESSION,$PROMPT,$MEMBER,$db,$sys,$c,$trans_value,$channel_info,$topic_info,$post_info,$icon_topic_list;
                                $ajax_response = new xajaxResponse();
                                $error = false;
                                //$ajax_response->alert(print_r($value, true)); $ajax_response->assign($button_submit,"disabled",false); return $ajax_response;

                                $sql = "SELECT post_attach.*
                                        FROM ".DB_TABLE_POST_ATTACH." post_attach
                                        WHERE post_attach.post_id=".$post_info['id']."
                                        ORDER BY post_attach.id";
                                $result = &$db->Execute($sql);
                                if (!$result) {
                                    $ajax_response->alert($db->ErrorMsg().$sql);
                                } else {
                                    while (!$result->EOF) {
                                        $filelist[] = array(
                                            'id'        => $result->fields['id'],
                                            'dir'       => $result->fields['dir'],
                                            'filename'  => $result->fields['filename'],
                                            'post_id'   => $result->fields['post_id'],
                                            'admin_id'  => $result->fields['admin_id'],
                                        );
                                        $result->MoveNext();
                                    }
                                    if (!empty($filelist)){
                                        foreach($filelist as $file){
                                            chmod($SETTING['dir_post_attach']."/".$file['dir']."/".$file['filename'], $SETTING['chmod_mode_file']);
                                            unlink($SETTING['dir_post_attach']."/".$file['dir']."/".$file['filename']);
                                        }
                                        $sql = "DELETE FROM ".DB_TABLE_POST_ATTACH." WHERE post_id=".$post_info['id'];
                                        $result = &$db->Execute($sql);
                                        if (!$result) {
                                            $ajax_response->alert($db->ErrorMsg().$sql);
                                        }
                                    }
                                    $sql = "DELETE FROM ".DB_TABLE_POST." WHERE id=".$post_info['id'];
                                    $result = &$db->Execute($sql);
                                    if (!$result) {
                                        $ajax_response->alert($db->ErrorMsg());
                                    }else{
                                        if ($topic_info['post_pid'] == $post_info['id']) {
                                            $result = func::db_delete(DB_TABLE_TOPIC, "id=".$topic_info['id']."");
                                            if (!$result) {
                                                $ajax_response->alert($LANGUAGE['s']['edit']['del_post_topic_error']);
                                            }
                                        }
                                        $ajax_response->redirect($CONFIGURE['common']['control_index']."?act=topic&topic_id=".$topic_info['id']);
                                    }
                                }

                                return $ajax_response;
                            }
                            $bwajax->register(XAJAX_FUNCTION, "submit_del");
                        }
                    } elseif ($sys->get['ope'] == "saveattach_upload"){
                        $bwupload->lang_msg = array(
                            '0'             => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['0'],
                            '1'             => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['1'],
                            '2'             => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['2'],
                            '3'             => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['3'],
                            '4'             => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['4'],
                            '6'             => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['6'],
                            '7'             => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['7'],
                            '8'             => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['8'],
                            'invalid'       => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['invalid'],
                            'error_size'    => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['error_size'],
                            'error_type'    => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['error_type'],
                            'upload_failed' => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['upload_failed'],
                            'error_empty'   => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['error_empty'],
                        );
                        $bwupload->set_size($setting_attach['size']);
                        $bwupload->set_type($setting_attach['type']);

                        $result_state   = "1";
                        $error_msg      = "";

                        $post_id = $sys->get['post_id'];
                        if (!preg_match("/^[1-9][0-9]*$/",$post_id)){
                            $result_state = "0";
                            $error_msg = $LANGUAGE['s']['edit']['saveattach_upload_post_id_error']."<!-- post_id error -->";
                        } elseif (func::db_count_record(DB_TABLE_POST_ATTACH, "post_id=".$post_id) >= $setting_attach['number']){
                            $result_state = "0";
                            $error_msg = sprintf($LANGUAGE['s']['edit']['saveattach_upload_total_full'],$setting_attach['number'])."<!-- number error -->";
                        } elseif (mb_strwidth($_POST['attach_brief'],"UTF-8") > $setting_attach['brief_length']){
                            $result_state = "0";
                            $error_msg = sprintf($LANGUAGE['s']['edit']['saveattach_upload_brief_full'],$setting_attach['brief_length'])."<!-- brief error -->";
                        } else {
                            $dir    = $setting_attach['dir'];
                            $path   = $SETTING['dir_post_attach']."/".$dir;
                            if (!file_exists($path)) { func::make_dir($path); }

                            if( !$bwupload->upload_file($path,"attach_upload") ){
                                $result_state = "0";
                                $error_msg = $bwupload->error_msg."<!-- upload error -->";
                            }else{
                                $result_state = $bwupload->proceed['attach_upload']['succeed'];
                                $error_msg = $bwupload->proceed['attach_upload']['error']."<!-- upload error message -->";
                                if ($result_state == "1") {
                                    $brief = empty($_POST['attach_brief']) ? func::str_cut($bwupload->proceed['attach_upload']['name'], 0, $setting_attach['brief_length']) : $_POST['attach_brief'];
                                    $sql_data = array(
                                        "brief"             => "'".addslashes($brief)."'",
                                        "dir"               => "'".$dir."'",
                                        "filename"          => "'".$bwupload->proceed['attach_upload']['result_name']."'",
                                        "post_id"           => "'".(int)$sys->get['post_id']."'",
                                        "member_id"          => "'".(int)$MEMBER['id']."'",
                                        "time"              => $sys->nowtime,
                                        "down"              => "0",
                                    );
                                    $result = func::db_insert(DB_TABLE_POST_ATTACH, $sql_data);
                                    if (!$result) {
                                        if (file_exists($path.$bwupload->proceed['attach_upload']['result_name'])) {
                                            @chmod($path.$bwupload->proceed['attach_upload']['result_name'], $SETTING['chmod_mode_file']);
                                            @unlink($path.$bwupload->proceed['attach_upload']['result_name']);
                                        }
                                        $result_state = "0";
                                        $error_msg = $LANGUAGE['s']['edit']['saveattach_upload_updatedb_failed']."<!-- upload db attach_name error -->";
                                    }
                                }
                            }
                            //$bwjs->write("parent.xajax_set_value('assign','test_output','".serialize($path)."');"); exit;
                            //$ajax_response->alert(print_r($_POST, true)); return $ajax_response;
                        }
                        $CONFIGURE['common']['if_output_template'] = "0";
                        $prompt_style = $result_state == "1" ? "prompt_succeed" : "prompt_failed";
                        $bwjs->write("parent.xajax_attach_upload_return('".$result_state."',
                            'amend',
                            '".$post_id."',
                            'post_amend',
                            'attach_upload_input',
                            '<input type=\"file\" id=\"attach_upload\" name=\"attach_upload\" size=\"12\" style=\"width:140px;\" class=\"input\" onchange=\"xajax_attach_showselect(\'attach_select\',\'attach_upload_prompt\',this.value)\" />',
                            'attach_upload_submit',
                            'attach_list',
                            'attach_brief',
                            'attach_upload_prompt',
                            '<span class=\"".$prompt_style."\">".$error_msg."</span>');");
                    }

                    $t->assign(array(
                        "channel_info"      => $channel_info,
                        "channel_current"   => $sys->channel_current,
                        "topic_info"        => $topic_info,
                        "trans_value"       => $trans_value,
                        "post_info"         => $post_info,
                        "setting_attach"    => $setting_attach,
                    ));
                }
            }
        }
    }
}
if (!empty($sys->channel_current)) { 
    foreach($sys->channel_current as $v){ 
        $public_var['page_place'][] = $v['name']; 
        $public_var['page_keyword'] = array_merge((array)$public_var['page_keyword'], array_filter(preg_split("/[\s,]+/", $v['keyword'])));
    }
}
$public_var['page_place'][] = $topic_info['subject'];
$public_var['page_place'][] = $LANGUAGE['s']['edit']['page_place'];
?>
